Computer scientists looked at one billion spam emails that they obtained via feeds from Google, Microsoft, Yahoo and other companies. Over a span of three months in 2010, the scientists visited the websites the spam emails linked to. They analyzed the infrastructure these sites used, looking at where they were hosted, which server names and name registrars were used. They then grouped the websites together based on the organization funding the spam-linked websites and purchased $4,000 worth of goods from these organizations. The products purchased included pharmaceutical products, replica luxury goods and counterfeit software — in other words, the products most widely advertised in the spam emails.

According to the 15 researchers, spam systems depend on registrars, website hosting and payment for products bought through spam email links. They discovered that the infrastructure of the spam ecosystem was complex, with server computers, manufacturers and banks spread out in different locations. This wide distribution complicates the problem of how to eradicate spam.

In one case, a spam email sent out by a bot linked those who clicked on the advertised URL to a website with its domain registrar in Russia, its server computer in China, the merchant bank in Azerbaijan and the manufacturer in India.

According to the paper, the most effective means of preventing spam would be to interfere in the banking component of the spam system.

By analyzing the data gathered from spam purchases, the researchers also found that the payment step made the purchaser vulnerable.

The researchers found that Visa and Mastercard are the only two credit card processors handling the in-between transactions within the spam system.

“In the end, we found that the spam ecosystem depends on a relatively small number of banks to handle their merchant accounts and accept Visa payment from potential customers,” computer science and engineering professor Stefan Savage wrote in an email.

According to the researchers, regulation and enforcement can effectively control the spam system because it relies on a few banks and credit card processors. If the U.S. banks issuing credit cards refused to handle spam-related transactions, then the spam ecosystem would lose its profitability.

Now that researchers have determined how to break up the spam system, the information can be used to deter banks from serving the organizations responsible for spam. The researchers have informed all the stakeholders involved, such as brand holders, U.S. regulatory bodies and large-scale mail providers.